Re: [OAUTH-WG] OAuth Bearer authentication - for proxies?
Igor Faynberg <igor.faynberg@alcatel-lucent.com> Wed, 04 January 2012 02:58 UTC
Return-Path: <igor.faynberg@alcatel-lucent.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4A8921F8519 for <oauth@ietfa.amsl.com>; Tue, 3 Jan 2012 18:58:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[AWL=-0.001, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id woRr8G7jX7ob for <oauth@ietfa.amsl.com>; Tue, 3 Jan 2012 18:58:50 -0800 (PST)
Received: from ihemail2.lucent.com (ihemail2.lucent.com [135.245.0.35]) by ietfa.amsl.com (Postfix) with ESMTP id E750D21F8503 for <oauth@ietf.org>; Tue, 3 Jan 2012 18:58:49 -0800 (PST)
Received: from usnavsmail4.ndc.alcatel-lucent.com (usnavsmail4.ndc.alcatel-lucent.com [135.3.39.12]) by ihemail2.lucent.com (8.13.8/IER-o) with ESMTP id q042wbPT002028 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 3 Jan 2012 20:58:46 -0600 (CST)
Received: from umail.lucent.com (umail-ce2.ndc.lucent.com [135.3.40.63]) by usnavsmail4.ndc.alcatel-lucent.com (8.14.3/8.14.3/GMO) with ESMTP id q042waQt020484 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 3 Jan 2012 20:58:37 -0600
Received: from [135.244.21.27] (faynberg.lra.lucent.com [135.244.21.27]) by umail.lucent.com (8.13.8/TPES) with ESMTP id q042wT8r003417; Tue, 3 Jan 2012 20:58:35 -0600 (CST)
Message-ID: <4F03C055.6090105@alcatel-lucent.com>
Date: Tue, 03 Jan 2012 21:58:29 -0500
From: Igor Faynberg <igor.faynberg@alcatel-lucent.com>
Organization: Alcatel-Lucent
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.18) Gecko/20110616 Thunderbird/3.1.11
MIME-Version: 1.0
To: Amos Jeffries <squid3@treenet.co.nz>
References: "<301AF9A4-395C-4B5A-8610-CD86BEE1401A@mnot.net>" <abe2950b95b27818e9e6ebddc99a7b7e@treenet.co.nz> <4EFE7E22.9010200@treenet.co.nz> <4F014DF3.9030105@alcatel-lucent.com> <4F016837.3040904@treenet.co.nz> <4F018048.1020900@lodderstedt.net> <4F019E09.3070007@treenet.co.nz> <4F022CFA.80907@alcatel-lucent.com> <4F024DA0.7080707@treenet.co.nz> <4F039069.6090504@alcatel-lucent.com> <5cdce7b5590ab91952afb70b2cb81694@treenet.co.nz>
In-Reply-To: <5cdce7b5590ab91952afb70b2cb81694@treenet.co.nz>
Content-Type: multipart/alternative; boundary="------------040307010108070302030903"
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.35
X-Scanned-By: MIMEDefang 2.64 on 135.3.39.12
Cc: ietf-http-wg@w3.org, oauth@ietf.org
Subject: Re: [OAUTH-WG] OAuth Bearer authentication - for proxies?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: igor.faynberg@alcatel-lucent.com
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jan 2012 02:58:52 -0000
Very good to have a clear sequence! Many thanks for all the work explaining this to me. Maybe my misunderstanding can be corrected by considering observations 1) and 2) and answering question 3) in-line: On 1/3/2012 8:30 PM, Amos Jeffries wrote: > ... Here is a transaction sequence for that bank: > > > client 1 to proxy: > GET /?oauth_token=FOO HTTP/1.1 > Host: bank.example.com 1): If this transaction is done over TLS, then this specific proxy is the ONLY entity in the chain that knows the token at the moment, and since it is in the same domain as the server, we must assume its fidelity.. > > proxy to server: > GET /?oauth_token=FOO HTTP/1.1 > Host: bank.example.com 2) Now the server knows it, too. > > (server verifies the token "FOO" is valid for client 1 through the > proxy) > > bank server to proxy: > HTTP/1.1 200 OK > stuff > > proxy to client 1: > HTTP/1.1 200 OK > stuff > > .. some time passes. The token "FOO" expires, gets replaced by token > "FOO-2". > > > client 1 to proxy: > GET /?oauth_token=FOO-2 HTTP/1.1 > Host: bank.example.com Same as in 1) > > proxy to server: > GET /?oauth_token=FOO-2 HTTP/1.1 > Host: bank.example.com Sane as in 2) > > (server verifies the token "FOO-2" is valid for client 1 through the > proxy) > > bank server to proxy: > HTTP/1.1 200 OK > other-stuff > > proxy to client 1: > HTTP/1.1 200 OK > other-stuff > > > Attacker processes some URL records they somehow swiped from the > client transactions... 3) How can attacker swipe it, if the token was passed *as part of an encrypted payload?* > > attacker to proxy: > GET /?oauth_token=FOO HTTP/1.1 > Host: bank.example.com > > proxy to attacker: > HTTP/1.1 200 OK > stuff > > ... Oops. > > attacker to proxy: > GET /?oauth_token=FOO-2 HTTP/1.1 > Host: bank.example.com > > proxy to attacker: > HTTP/1.1 200 OK > other-stuff > > ... Oops. > > > I assume for clarity that the server and client 1 have both correctly > implemented Bearer and are performing proper validation and expiry on > the query-string tokens. > > The mitigation is for the server which implements Bearer to be sending > Cache-Control with one of the values: no-store, private, > proxy-revalidate and/or must-revalidate. > > AYJ > > >> >> Then it is the bank's problem, not OAuth's as far as I am concerned... >> >> Igor >> >> On 1/2/2012 7:36 PM, Amos Jeffries wrote: >>> On 1/2/2012 7:07 AM, Amos Jeffries wrote: >>>>> On 2/01/2012 11:00 p.m., Torsten Lodderstedt wrote: >>>>> ... >>>>>> >>>>>> general note: I do not understand why caching proxies should >>>>>> impose a problem in case TLS is used (end2end). Could you please >>>>>> explain? >>>>> >>>>> Because TLS is hop-by-hop (in HTTP hops, end-to-end only in TCP >>>>> hops). Proxies which decrypt TLS and provide responses out of >>>>> cache are already deployed in many places. Mostly in the form of >>>>> reverse-proxies, but corporate decryption proxies are also on the >>>>> increase. >>>>> >>>>> AYJ >>> >>> On 3/01/2012 11:17 a.m., Igor Faynberg wrote: >>>> I am at a loss here; granted, it is a gray area... Does it mean >>>> that RFC 2817 has not been implemented properly? >>>> >>> >>> From RFC 2817: >>> " >>> >>> 5. Upgrade across Proxies >>> >>> As a hop-by-hop header, Upgrade is negotiated between each pair of >>> HTTP counterparties. If a User Agent sends a request with an >>> Upgrade >>> header to a proxy, it is requesting a change to the protocol between >>> itself and the proxy, not an end-to-end change. >>> " >>> >>> The more common case is CONNECT method from RFC 2068, from a user >>> agent to a reverse-proxy. Same behaviour. >>> >>>> To make it simple: At the client, I establish a session key with >>>> the server, and then use it for confidentiality. How is this key >>>> known to any proxy? >>> >>> "the server" is a proxy. >>> >>> AYJ >
- Re: [OAUTH-WG] OAuth Bearer authentication - for … Amos Jeffries
- Re: [OAUTH-WG] OAuth Bearer authentication - for … Igor Faynberg
- Re: [OAUTH-WG] OAuth Bearer authentication - for … Amos Jeffries
- Re: [OAUTH-WG] OAuth Bearer authentication - for … Torsten Lodderstedt
- Re: [OAUTH-WG] OAuth Bearer authentication - for … Amos Jeffries
- Re: [OAUTH-WG] OAuth Bearer authentication - for … Igor Faynberg
- Re: [OAUTH-WG] OAuth Bearer authentication - for … Amos Jeffries
- Re: [OAUTH-WG] OAuth Bearer authentication - for … Igor Faynberg
- Re: [OAUTH-WG] OAuth Bearer authentication - for … Amos Jeffries
- Re: [OAUTH-WG] OAuth Bearer authentication - for … Igor Faynberg
- Re: [OAUTH-WG] OAuth Bearer authentication - for … Amos Jeffries